Hi,

A few days ago I was having an issue with not being able to use sender_access to permit mail with non-existent hostnames to be delivered that would normally be rejected:

Feb 24 16:48:55 mail01 postfix/smtpd[1945]: NOQUEUE: reject: RCPT from smtp.lanyonmail.com[50.56.12.142]: 450 4.1.8 <myuser@lanyonrs.local>: Sender address rejected: Domain not found; from=<myuser@lanyonrs.local> to=<phyl...@example.com> proto=ESMTP helo=<Mail.LanyonMail.com>

Viktor had helped me get it working, or so I thought, but it was still rejecting mail, and I don't entirely know why. I've since added an additional check_sender_access to the recipient restrictions, and I believe it's working again, but I didn't want to do it that way, and I'm not even sure that was the actual fix, as I was working under pressure.

smtpd_recipient_restrictions =
----------------------------
       ...
       check_sender_access hash:/etc/postfix/sender_checks,
       ------------------- -------------------------------
       reject_unknown_sender_domain,
       ----------------------------
       ...
       permit

smtpd_sender_restrictions = reject_unknown_sender_domain
-------------------------   ----------------------------

I've separated out the smtpd_{client,recipient,sender}_restrictions, and added the email address with the invalid domain I wish to allow to sender_access, but it's still being rejected.

I've included my postconf output below, and hoped someone could review it. I'd like to remove the check_sender_access in the recipient restrictions to separate it out into the three different classes.

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_mail_to_files = alias,forward
always_bcc = bcc-user
biff = no
body_checks = regexp:/etc/postfix/body_checks.pcre
bounce_queue_lifetime = 1d
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
default_process_limit = 200
delay_warning_time = 4h
disable_vrfy_command = yes
fallback_relay =
header_checks = pcre:/etc/postfix/header_checks.pcre pcre:/etc/postfix/header_checks-jimsun.pcre
html_directory = no
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 2d
message_size_limit = 24000000
mime_header_checks = pcre:/etc/postfix/mime_header_checks
mydestination = $myhostname, localhost.$mydomain
mydomain = example.com
myhostname = bwimail01.example.com
mynetworks = 127.0.0.0/8, 192.168.1.0/24, 68.123.123.40/29
newaliases_path = /usr/bin/newaliases
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = pcre:$config_directory/postscreen_dnsbl_reply_map.pcre
postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net=127.0.0.[10;11]*8 dnsbl.sorbs.net=127.0.0.10*8 b.barracudacentral.org*7 dnsbl.sorbs.net=127.0.0.5*6 mykey.zen.dq.spamhaus.net=127.0.0.[4..7]*6 bl.mailspike.net*4 bl.spamcop.net*4 bl.spameatingmonkey.net*4 mykey.zen.dq.spamhaus.net=127.0.0.3*4 list.dnswl.org=127.[0..255].[0..255].0*-2 list.dnswl.org=127.[0..255].[0..255].1*-3 list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_ttl = 10m
postscreen_greet_action = enforce
postscreen_greet_wait = ${stress?2}${stress:8}s
postscreen_whitelist_interfaces = static:all 68.123.123.40/29
queue_directory = /var/spool/postfix
rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
readme_directory = /usr/share/doc/postfix/README_FILES
relay_domains = $mydestination, $transport_maps, example.com
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions =
        check_client_access hash:/etc/postfix/client_checks,
        check_client_access cidr:/etc/postfix/client_access_blocklist
smtpd_helo_required = yes
smtpd_recipient_restrictions =
        reject_non_fqdn_recipient,
        reject_non_fqdn_sender,
        reject_unlisted_recipient,
        permit_mynetworks,
        reject_unauth_destination,
        check_sender_access hash:/etc/postfix/sender_checks,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net,
        reject_rhsbl_sender mykey.dbl.dq.spamhaus.net,
        reject_rhsbl_helo mykey.dbl.dq.spamhaus.net
        check_helo_access pcre:/etc/postfix/helo_checks.pcre,
        check_helo_access hash:/etc/postfix/helo_checks,
        reject_invalid_helo_hostname,
        check_policy_service inet:127.0.0.1:2501,
        check_recipient_access pcre:/etc/postfix/relay_recips_access,
        permit
smtpd_sender_restrictions =
        check_sender_access hash:/etc/postfix/sender_checks,
        reject_unknown_sender_domain
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual

Thanks,
Alex
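
An added illustration, not part of the original message and not Postfix code: a simplified Python model of how smtpd evaluates its restriction lists, showing how an OK from sender_checks interacts with reject_unknown_sender_domain in each list. The lookup table contents and the stand-in for DNS are constructed assumptions, and only the restrictions relevant to this question are modelled.

```python
# Simplified model of Postfix smtpd restriction-list evaluation (not Postfix code).
# Constructed lookup data: the sender from the log line is assumed to map to OK.
SENDER_CHECKS = {"myuser@lanyonrs.local": "OK"}
RESOLVABLE_DOMAINS = {"example.com"}  # constructed stand-in for DNS lookups

def check_sender_access(sender):
    # Look up the full address, then the bare domain; no match means DUNNO.
    domain = sender.rsplit("@", 1)[-1]
    return SENDER_CHECKS.get(sender) or SENDER_CHECKS.get(domain) or "DUNNO"

def reject_unknown_sender_domain(sender):
    domain = sender.rsplit("@", 1)[-1]
    return "DUNNO" if domain in RESOLVABLE_DOMAINS else "REJECT"

RESTRICTIONS = {
    "check_sender_access": check_sender_access,
    "reject_unknown_sender_domain": reject_unknown_sender_domain,
    "permit": lambda sender: "OK",
}

def evaluate(lists, sender):
    """Return (verdict, list_name, restriction) for one RCPT TO.

    Every list is evaluated in turn. OK ends only the current list,
    REJECT ends the whole evaluation, DUNNO moves to the next restriction.
    """
    for list_name, restrictions in lists:
        for name in restrictions:
            result = RESTRICTIONS[name](sender)
            if result == "REJECT":
                return ("REJECT", list_name, name)
            if result == "OK":
                break
    return ("ACCEPT", None, None)

SENDER = "myuser@lanyonrs.local"
SENDER_LIST = ("smtpd_sender_restrictions",
               ["check_sender_access", "reject_unknown_sender_domain"])
# Recipient list without the extra check_sender_access.
SPLIT_ONLY = [SENDER_LIST, ("smtpd_recipient_restrictions",
                            ["reject_unknown_sender_domain", "permit"])]
# Recipient list ordered as in the posted postconf output.
AS_POSTED = [SENDER_LIST, ("smtpd_recipient_restrictions",
                           ["check_sender_access", "reject_unknown_sender_domain", "permit"])]

if __name__ == "__main__":
    print(evaluate(SPLIT_ONLY, SENDER))
    print(evaluate(AS_POSTED, SENDER))
```

In this model the OK returned in smtpd_sender_restrictions ends only that list, so a reject_unknown_sender_domain that remains in smtpd_recipient_restrictions is still evaluated for the same sender.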


